Canada’s Anti-Spam Law (CASL) – What Businesses Should Do

On December 4, 2013, Canada’s Minister of Industry announced that the much anticipated Canada’s Anti-spam Legislation (CASL) will come into force on July 1, 2014. CASL was introduced in 2010 and has been evaluated and discussed by representatives of industry and consumer groups ever since. While many have criticized CASL as an overly onerous legislation with detrimental effects on Canadian businesses, all agree that the coming into force of CASL is a stark reality which will virtually affect all organizations and businesses as well as many individuals. With penalties of up to $10,000,000 for organizations and $1,000,000 for individuals, many are rolling up their sleeves to take steps towards CASL compliance prior to its coming into force. What is more troubling is that unbeknownst to the majority of Canadians, the scope of CASL goes way beyond preventing what many of us regard as spam. According to a recent Deloitte poll, only 13% of organizations say they understand CASL requirements and have begun to apply them to their business.

Studies suggest that spam accounts for 65% of messages transmitted through the internet and according to the government of Canada, spam costs the Canadian economy more than $3 billion a year. Despite being one of the last developed countries in the world to target this issue by implementing anti-spam laws, Canada is introducing one of the toughest legislations in the world. Moving towards an opt-in system, one of the overarching principles of CASL is that express or implied consent is required prior to sending of commercial electronic messages.

So what makes CASL so onerous? As the saying goes the devil is in the details, and in this case it lies in the scope of electronic messages that are covered by CASL as well as its content and record keeping requirements. While many of us would expect CASL to only apply to mass email messages sent by corporations offering to sell goods or services, you may be surprised to find out that, among other types of messages, the legislation also applies to messages sent by non-profit organizations as well as messages that you send to individuals with whom you have a business relationship or who have been referred to you by a third party.

In the case of an existing business relationship, you are permitted to send commercial electronic messages to people who have purchased a product or service form you for a period of only two years from the time of the purchase and for a period of only six months to people who have made an inquiry from you about the products or services that you offer. After the expiry of these time periods you need express consent from the recipient, and in the absence of implied consent you are not permitted to send an electronic message to obtain express consent. In the case of third party referrals, you are only permitted to send one commercial electronic message to an individual who was referred to you by a third party and in your message you will need to include the name and contact information of the individual who made the referral.

CASL requires that all commercial electronic messages include identification and contact information of the sender as well as an unsubscribe mechanism that is set out clearly and prominently which allows the recipient to opt out of all types of electronic communications from the sender. CASL also imposes significant record keeping obligations and requires that the date and time of consent, along with the purpose and manner of consent be recorded in a database. A confirmation of consent will also need to be sent to the recipient as soon as the consent is obtained.

So what should we do between now and July of 2014? Obtaining consent from those to whom we wish to send commercial electronic messages is the first step. Now is a good time to send out emails and ask for consent as after July 1, 2014, an email which requests consent will itself be deemed a commercial electronic message. Prior to sending your emails, make sure to carefully review the form and content requirements of requests for consent under CASL. If you are part of a larger organization, consider putting together a team of individuals tasked with monitoring CASL compliance and be wary of liabilities of the directors, officers and employers who through action or inaction permit commercial electronic messages to be sent in violation of CASL. Finally, consider obtaining a thorough legal assessment of your current operations and note that this text is not intended to replace legal advice.